Adobe is changing the world through digital experiences. Our creative, marketing and document solutions empower everyone — from emerging artists to global brands — to bring digital creations to life and deliver them to the right person
at the right moment for the best results.

Summary

Adobe released security updates for Adobe Photoshop CS5 (12.0) and Adobe Photoshop CS5.1 (12.1) for Windows and Macintosh. These updates address vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.

Note that Adobe Photoshop CS6 (13.0) for Windows and Macintosh addresses three of these vulnerabilities (CVE-2012-2027, CVE-2012-2028, CVE-2012-2052). Users of Adobe Photoshop CS6 (13.0) should update to Adobe Photoshop CS6 (13.0.1), as referenced in Security Bulletin APSB12-20, which addresses CVE-2012-0275.

Details

Adobe released security updates for Adobe Photoshop CS5 (12.0) and Adobe Photoshop CS5.1 (12.1) for Windows and Macintosh. These updates address vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe Photoshop CS6 addresses these vulnerabilities. A malicious file must be opened in Photoshop CS5.1 and earlier for Windows and Macintosh by the user for an attacker to be able to exploit these vulnerabilities. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop.

Note that Adobe Photoshop CS6 (13.0) for Windows and Macintosh addresses three of these vulnerabilities (CVE-2012-2027, CVE-2012-2028, CVE-2012-2052). Users of Adobe Photoshop CS6 (13.0) should update to Adobe Photoshop CS6 (13.0.1), as referenced in Security Bulletin APSB12-20, which addresses CVE-2012-0275.

This upgrade resolves a use-after-free TIFF vulnerability that could lead to code execution (CVE-2012-2027, Bugtraq ID 52634, which references: www.securityfocus.com/bid/52634/).

This upgrade resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-2028).

These updates resolve a stack-based buffer-overflow vulnerability in the Collada .DAE file format that could lead to code execution (CVE-2012-2052, Bugtraq ID 53464, which references: www.securityfocus.com/bid/53464/).

These updates resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-0275).

Acknowledgments

Adobe would like to thank the following individual and organization for reporting the relevant issue and for working with Adobe to help protect our customers: